New app traces contacts, retains privacy, says expert

Using digital data for contact tracing could be a powerful tool for containing the spread of Covid-19, and a new technology app in Singapore could help address fears of data privacy, says a digital data expert.

Andrew Chen is a Research Fellow at Koi Tū: The Centre for Informed Futures, the University of Auckland’s new think tank and research centre. Dr Chen’s research in computer systems engineering focused on camera-based person tracking, as well as how technology might be used to help protect people’s privacy. He now brings that technical lens to better understand how society can use digital technologies more safely.

He says contact tracing using data from smartphones could be one of the most powerful tools in containing the spread of the pandemic, allowing governments to act quickly to contain infected individuals, keep an outbreak under control and effectively suppress virus spread.

“We need contact tracing to save lives and using digital data could make that much more effective. But we also need to protect people’s privacy and minimise rights abuses that could have serious consequences,” he says.

“But constant tracking of all people, whether they are infected or not, is a deep invasion of privacy. It is a use of the data that most people would not have known about, and users effectively cannot opt-out to retain their privacy.”

However, an app called TraceTogether – used in Singapore since 20 March – could be a promising alternative, says Dr Chen. People install the app on their phones with Bluetooth enabled. When they are physically close to someone else with the app, the phones exchange Bluetooth signals and the encounters are logged in the app. It takes several seconds for the exchange – short enough to capture most interactions but long enough to ignore spurious connections.

Anonymous IDs are used so that phone numbers are not exposed. Bluetooth is relatively short-distance (functional within a couple of metres), so it provides a good proxy for physical proximity and is more accurate than GPS or cellphone-signal methods.

It could also help distinguish between people who have been close contacts as opposed to those who are casual contacts. Location is not necessary because contact tracing relies predominantly on connections between people. The data is stored on the phone in encrypted form, and is only sent to the Ministry of Health if the user authorises it after they have been diagnosed with Covid-19.

Constant tracking of all people, whether they are infected or not, is a deep invasion of privacy.

Dr Chen says the methodology is promising because it takes an opt-in approach: users choose to use the app and participate in contact tracing and much thought has gone into the privacy-aware design of the system.

“More than 600,000 Singaporeans enrolled in a few days with the app seen as a way to protect themselves and to help protect those around them.”

Dr Chen says it gives users a sense of agency that is lacking from options that rely on harvesting cellphone network data. Instead, users actively participate in the system, know that it’s happening, and can feel they are contributing towards a solution. The government only tracks consenting individuals who need to be tracked, rather than tracking everyone. The design of this system shows that it is possible to achieve a similar outcome to tracking cellphone location data with fewer implications for privacy.

“Importantly, when a promising intervention meets an established human right, rather than charging ahead anyway, we should consider other ideas that might make the balance easier to find,” says Dr Chen.